From: Alan Modra Date: Sun, 3 Jan 2021 23:49:14 +0000 (+1030) Subject: PR26741, benign use after free in riscv_parse_prefixed_ext X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=e9cf3691bfa140469d52815a2307b00eecf7917c;p=binutils-gdb.git PR26741, benign use after free in riscv_parse_prefixed_ext ISO/IEC 9899:1999 C standard "J.2 Undefined behavior" says the following is undefined behaviour: "The value of a pointer that refers to space deallocated by a call to the free or realloc function is used (7.20.3)." PR 26741 * elfxx-riscv.c (riscv_parse_prefixed_ext): Free subset after calculating subset version length. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index d760a4a71b0..a72e811b1c9 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2021-01-04 Alan Modra + + PR 26741 + * elfxx-riscv.c (riscv_parse_prefixed_ext): Free subset after + calculating subset version length. + 2021-01-01 Nicolas Boulenguez * xcofflink.c: Correct spelling in comments. diff --git a/bfd/elfxx-riscv.c b/bfd/elfxx-riscv.c index 9d7f6069952..101e27f8202 100644 --- a/bfd/elfxx-riscv.c +++ b/bfd/elfxx-riscv.c @@ -1572,8 +1572,8 @@ riscv_parse_prefixed_ext (riscv_parse_subset_t *rps, riscv_parse_add_subset (rps, subset, major_version, minor_version, FALSE); - free (subset); p += end_of_version - subset; + free (subset); if (*p != '\0' && *p != '_') {
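Review bot: In the bfd/elfxx-riscv.c hunk, the order of `p += end_of_version - subset;` and `free (subset);` is now what keeps the code defined, but nothing in the source says so, and a later tidy-up could move the free back above the subtraction. A short comment above `free (subset);` noting that the offset must be computed before the buffer is released would protect the fix. After the free, subset is dangling, and so is end_of_version, which the subtraction treats as pointing into the same buffer. The visible lines that follow only dereference p (`if (*p != '\0' && *p != '_')`), but it is worth confirming that nothing later in riscv_parse_prefixed_ext reads either pointer.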